1

Is there any security advantage to using a pre-determined IV in CBC mode over a null IV? I'm implementing a license key system similar to this article on CodeProject, but I'm confused by the authors use of a pre-determined IV embedded in the client code alongside the key. Presumably a properly randomized IV wasn't used because the resulting license key would be too long, but wouldn't a null IV be just as (in)secure?

Neil
  • 21
  • 6
  • You are right: There is nothing special about the zero IV (assuming AES is secure); it is just as bad as any other fixed IV. – yyyyyyy Jul 15 '15 at 05:56
  • 1
    Note that symmetric crypto means that key generators are possible. Using asymmetric keys only cracks but not key generators are possible, but they produce longer product keys. – CodesInChaos Jul 15 '15 at 07:03
  • In my case the target is an embedded system, so the symmetric key will be fairly secure in the inaccessible firmware. – Neil Jul 15 '15 at 13:54

1 Answers1

2

There's no practical difference between zero IV and any other constant IV here.

With some older ciphers that have a small enough keyspace (or weaknesses that allow reducing it) you could have a rainbow table for the encryption of the zero vector which might make zero IV a weaker choice in some cases, but that would be impossible for AES with its 128-256 bit keys.

Note that when a key is only used to encrypt a single plaintext, a constant IV is secure.

Community
  • 1
otus
  • 32,132
  • 5
  • 70
  • 165